remote hybrid work

(Photo by Ludovic MARIN / AFP)

Five tips to ensure a secure hybrid and remote working experience

While remote and hybrid working has become normal for most organizations, some companies are beginning to insist that their employees to return to the office full-time. Most financial institutions have already demanded employees return back to work in the office while some tech companies, who initially championed remote and hybrid working, have done the same.

Apart from concerns about a drop in productivity by senior management (although statistics show that remote working might improve productivity), there are also concerns about the security threats that employees could be exposed to when working out of office. Statistics have shown that remote workers contribute to increased cyber threats affecting organizations around the world.

Despite more cybersecurity practices and improved workplace communication tools, vulnerabilities are still around. According to the Verizon Mobile Security Index 2022, hybrid work for example has seen security teams face an uphill battle as the number of devices and remote workers increased.

Larkin Ryder, Senior Director of Product Security at Slack said, “we’re never going back to the way things were before the pandemic, and nor should we. To attract and retain top talent and take advantage of the productivity benefits brought about by embracing a digital HQ, organizations should be leaning into flexibility and new ways of working. Even if we did return to the office, the new technologies and tools we adopted during the pandemic are now an intrinsic part of how we get things done.”

Ryder also pointed out that with cyber-attacks continuing to grow in scale and complexity, the nervousness around maintaining security in a distanced work environment is understandable.

“There’s no doubt that bad actors have taken advantage of uncertainty and change over the last couple of years to exploit businesses and their employees. By following a few tips, though, we can slow them down, and raise the cost of attacks, while continuing to unlock the benefits of a hybrid future of work,” explained Ryder.

As such, Ryder shares five tips remote and hybrid workers should take note of.

Tip one: Recognize your risks 

Online fraud rose during the pandemic as bad actors took advantage of increased home working and reliance on online devices. From COVID-19 testing scams to launching hacks through QR codes, the first step to boosting security is recognizing the different shapes and sizes security risks come in. Security leaders must continuously make time to identify new threats and vulnerabilities and plan for improved detective and preventive controls, to ensure their business stays ahead of those risks.

It’s also worth understanding the implications of weaker security and educating all employees on this topic. Not only can it impact the business’ finances, but research suggests victims are also hurt emotionally, with lower levels of happiness and higher levels of anxiety. Security today isn’t only about protecting your technology and finances, but your people.

While heightening employee awareness of security risks, lead with empathy. Communicate that the security team is ready to help and support whenever people have security concerns.

Tip two: Be alert to phishing attacks 

Email isn’t the only way attackers are gaining access to businesses and their employees. A recent study has found a shift in phishing attack delivery methods to steal data, with users clicking phishing links from other channels, including personal websites and blogs, social media, and search engine results. The study also identified a rise in fake third-party cloud apps designed to trick users into authorizing access to their cloud data and resources.

Early detection is critical in defending against these attacks. Anything companies can do to better monitor their employees’ online accounts to identify unusual behavior is imperative. Slack’s Audit Log API (available on Enterprise Grid) is a critical tool for this purpose, allowing companies to inspect user account metadata continuously to detect potential compromises and immediately react to them.

Slack recommends all customers practice strong security measures to guard their networks against cyber-attacks, including undertaking security awareness training.

(Photo by Stephen Lam / GETTY IMAGES NORTH AMERICA / Getty Images via AFP)

Tip three: Empower your employees with enterprise-grade tools

Before the pandemic, security was all about creating a perimeter. You’d have a firewall protecting your base of operations, one which would be simple to maintain with the assumption that 99% of work was being completed in the office. Today, those assumptions have been upended, and IT pros need to be empowered to bring enterprise-grade security into the home.

IT teams must stay ahead of employee needs. Otherwise, employees will find their own solutions, increasing the risk of disclosure of sensitive information. And, once adopted, it’s hard for companies to unwind this so-called ‘shadow IT’. Leaving teams to informally fill gaps in their tech suite, for example, by using consumer-grade messaging apps to communicate, creates unnecessary security risk. Encryption is a bare minimum for workplace collaboration, however enterprise-grade apps can provide additional features like Enterprise Key Management, audit logs which further empower IT teams to keep data secure and workers safe.

Further, having a dedicated security and compliance partner ecosystem means enterprise-ready collaboration tools can easily connect with security staples, for example Okta or Splunk.

Tip four: Boost identity and device management controls

With more workers using personal Wi-Fi and personal devices it’s time to establish new security baselines. Securing information in a hybrid working environment begins with identity controls. From session duration metrics to two-factor authentication and domain claiming, it’s crucial to think twice about how you’re ensuring only the right people have access to your company’s information, wherever they’re working.

Meanwhile, session management tools, default browser controls, additional authentication layers and the ability to block jailbroken or rooted devices are extra defenses that help ensure that it’s not just approved people, but approved devices that are plugging into your networks.

Tip five: Embrace a mindset shift on security 

Just as the work landscape has changed dramatically since early 2020, so has the security space. As workers shifted, so did threats, and IT teams have worked tirelessly to stay ahead of fast-moving bad actors.

We know remote work is here to stay. Meanwhile, new threats, like weaponized artificial intelligence are only just emerging. To help IT teams do their job and keep us and our businesses safe, we must shift our mindset on security.

That means formalizing the work from home space and enabling workers and IT teams to give it the same level of protection as is expected in a physical office. It also means listening to the needs of remote and hybrid workers and providing everyone with enterprise-grade tools for work, from office suites to collaboration tools, so that they never have to turn to non-enterprise grade or unsanctioned platforms.

Finally, it means always taking a security-first approach to the tech-stack. Reducing reliance on legacy tools that provide bad actors with exploitable gaps in your defense and building an ecosystem of enterprise-grade tools can enable businesses to shore-up security. The result is IT teams, and the organization as a whole can work from anywhere, safely and securely.